Managing Users
How to add users and assign permissions to your users
During the set up of Facets Control, an admin role would have been assigned to you. In this Section, you will learn how to add your developers to Facets Control Plane.
Adding Users Manually
You can add users manually if you have Admin Credentials.
Click on the Settings Icon and click on Users.
Users Button in Settings (Click on the image to expand)
Click on Create User and fill in the details as required.
Creating a user manually (Click on the image to expand)
RBAC
Role Based Access Control helps you in assigning roles to users.
Base Roles
Permissions associated with each role is now listed as a tooltip in the Create User screen.
You can also refer to Granular Permissions section for a description of all permissions.
| Base Role | Roles |
|---|---|
| ADMIN | All pages, buttons and actions are accessible to the ADMIN role, including those in the DEVELOPER and VIEWER roles. |
| DEVELOPER | The following actions are available for DEVELOPER role in the listed screens: • Environments screen: Pause/Resume Releases • Secrets and Variables screen: Edit an Entry and Submit Changes. • Releases screen: Configure Release and Selective Release, Schedule Release and Unlock State. • Overrides screen: Add and Delete Override. • Backup screen: Create Snapshots. • Provided Resources screen: Update Resources. • Template Inputs screen: Create New Tenants and Edit Tenants. • Alerts Centre screen: Silence Alert • All the access privileges of VIEWER role. |
| VIEWER | • Environments screen: Sync with Git • Environment Overview screen: Renew and Download K8s credentials and Sync with Git • Backup screen: List Snapshots |
| GUEST | Usually gets assigned for a new user by default. Useful for Admin to filter and assign a role later. |
| CLUSTER_ADMIN | Perform Releases |
Additional Roles
Any Base Role can be assigned Additional Roles that give access to specific actions in Facets.
| Additional Roles | Roles |
|---|---|
| K8S_READER | Can download K8s credentials and do readonly operations |
| K8S_DEBUGGER | Can download K8s credentials and do write operations on K8s |
| CLI_ARTIFACT_PUSH | Can push artifacts using CLI |
Granular Permissions for RBAC roles
RBAC roles defined in Facets have a list of associated permissions that grant the user privileges to perform certain actions as listed in Base Roles table. You can find a comprehensive list of permissions listed below.
| Permission | Description |
|---|---|
| ALERTS_CONFIGURE | Grants permission to configure alerts. |
| APPLICATION_ROLLING_RESTART | Grants permission to initiate a rolling restart for an application. |
| ARTIFACTORY_WRITE | Grants permissions to create and edit artifactories. |
| ARTIFACTS_DELETE | Grants permissions to delete artifacts. |
| ARTIFACTS_WRITE | Grants Write permissions for actions related to artifacts. |
| CHANNEL_WRITE | Grants permission to create and edit channels. |
| ENVIRONMENT_CONFIGURE | Grants permission to configure environments. |
| ENVIRONMENT_DELETE | Grants permission to delete environments. |
| ENVIRONMENT_DESTROY | Grants permission to destroy environments. |
| ENVIRONMENT_LAUNCH | Grants permission to launch environments. |
| ENVIRONMENT_WRITE | Grants permission to create, edit and configure environments. |
| OAUTH_INTEGRATION_DELETE | Grants permission to delete OAuth integration. |
| OAUTH_INTEGRATION_WRITE | Grants permission to add and edit OAuth integration. |
| STACK_CONFIGURE | Grants permission to pause and unpause releases in an environment. |
| STACK_WRITE | Grants permission to add and edit blueprints. |
| SUBSCRIPTION_DELETE | Grants permission to delete subscriptions. |
| SUBSCRIPTION_WRITE | Grants permission to create and edit subscriptions. |
| TEMPLATE_WRITE | Grants permission to create and edit tenants. |
| USER_WRITE | Grants permission to create and edit user and also edit passwords. |
Google OAuth Integration
If you are using google workspace for your team logins, Facets can use the same login mechanism to give your users an instant access.
☝️ Create an Oauth Client ID in your google console
Please refer to the google docs below
| Variable Name | Value |
|---|---|
| Application Type | Web Application |
| Name | Any name indicating the name of the Oauth 2.0 client |
| Authorized Redirect URIs | https://facetsdemo.console.facets.cloud/login/oauth2/code/ |
This unique registration ID will be used later in the Facets UI to onboard the integration. We suggest it to be a single word all lower case.
✌️ Add the integration in Facets
Click on the "Oauth Integrations" and choose "Add new Google Integration".
Fill in the values as below
| Variable Name | Value |
|---|---|
| Registration Id | given in redirect URI |
| Client Id | From Google Console |
| Client Secret | From Google Console |
| Login Button Text | Text that will appear in the CP Login screen. For e.g. |
Logout to see this new button on the login screen. Any new user by default will receive a GUEST role until an ADMIN assign her to a desired Role
Updated 4 months ago